Medical Devices: Recognizing When Attacks Cause MalfunctionsRob Bathurst of Cylance on Enhancing Security of Devices
When a medical device malfunctions, many healthcare organizations don't realize the problem might be related to a cyberattack, says Rob Bathurst, managing director for healthcare and life sciences at Cylance Inc.
"In terms of suspecting a medical device being compromised by an attack, what we run into at most organizations is that they don't have the capability or process right now to recognize it was an attack and not just a generic malfunction of the device," Bathurst says in a video interview at Information Security Media Group's recent Healthcare Security Summit in New York.
"What we recommend in the case that a device begins to malfunction is that before it gets sent to [the] biomedicine [department] for reset, initiate a preliminary assessment of what was going on with the device when it malfunctioned," he urges.
"It could be a case where your incident response procedures could dictate that more action be taken with the device," he says. In most cases, however, "organizations will treat it as a common malfunction and it will get reset and rebooted."
Healthcare organizations need to have the capability to understand that their medical devices may have been targeted before they can "go through and figure out why, where or how," he says.
Although there have been a number of high-profile ethical hacker demonstrations showing targeted attacks affecting the performance of medical devices, in the real world today, "what we've found is that medical devices aren't necessarily the target currently, but they are a peripheral device that is usually accessed accidentally or in conjunction with a particular kind of attack," he says. "The most common case we see is ransomware or those self-propagating types of malware that usually impact a medical device as sort of a target of opportunity that causes its availability to be lost or a particular function to go down."
In the interview, Bathurst also discusses:
- Who should be responsible for medical device security;
- Steps entities can take right now to improve the cybersecurity of their medical devices.
Bathurst is managing director for healthcare and life sciences at Cylance Inc., where he is responsible for advising and partnering with major healthcare providers, medical device manufactures and pharmaceutical companies to help those organizations stay ahead of threats. Prior to Cylance, he was the senior technical adviser on emerging threats and attack techniques at the Mayo Clinic, where he also led the technical vulnerability assessment team and vulnerability management team.